from the period-end-stop dept

As more and more details keep coming out about the NSA's surveillance program, the story keeps coming back around to the key point that many people have been raising all along: How the hell can all of this be legal? The answer may be a simple one: it's not. The administration and various NSA defenders keep insisting that the program is "legal" in that it falls under a law approved by Congress -- though many in Congress insist that they never meant for the law to cover this level of surveillance -- and that it has oversight from the FISA Court, which similarly has approved it. Laura Donohue, a law professor and the director of Georgetown's Center on National Security and the Law, has argued that the program might be "legal" but unconstitutional at the same time. She goes through some of the history of the intelligence overreach, specifically by the NSA. She notes that the whole FISA process was designed specifically to prevent this level of overreach. In the end, she notes the programs may be within the scope of laws that Congress passed, but that doesn't make them Constitutional in the slightest.

To the extent that the FISC sanctioned PRISM, it may be consistent with the law. But it is disingenuous to suggest that millions of Americans' e-mails, photographs and documents are "incidental" to an investigation targeting foreigners overseas.

The telephony metadata program raises similar concerns. FISA did not originally envision the government accessing records.

[....] As a constitutional matter, the Supreme Court has long held that, where an individual has a reasonable expectation of privacy, search and seizure may occur only once the government has obtained a warrant, supported by probable cause and issued by a judge. The warrant must specify the places to be searched and items to be seized.

[....]Americans reasonably expect that their movements, communications and decisions will not be recorded and analyzed by the government. A majority of the Supreme Court seems to agree. Last year, the court considered a case involving 28-day GPS surveillance. Justice Samuel Alito suggested that in most criminal investigations, long-term monitoring "impinges on expectations of privacy." Justice Sonia Sotomayor recognized that following a person's movements "reflects a wealth of detail about her familial, political, professional, religious, and sexual associations."

Meanwhile two other law professors, Jennifer Granick from Stanford and Chris Sprigman, who just moved to NYU from UVA, have written an even more detailed piece for the NY Times explaining why the programs are illegal and unconstitutional. They note that some have claimed the programs are "legal," accepting the administration's claims. However, they argue that even that claim is highly unlikely.

This view is wrong — and not only, or even mainly, because of the privacy issues raised by the American Civil Liberties Union and other critics. The two programs violate both the letter and the spirit of federal law. No statute explicitly authorizes mass surveillance. Through a series of legal contortions, the Obama administration has argued that Congress, since 9/11, intended to implicitly authorize mass surveillance. But this strategy mostly consists of wordplay, fear-mongering and a highly selective reading of the law. Americans deserve better from the White House — and from President Obama, who has seemingly forgotten the constitutional law he once taught.

They detail why each of the two programs are not actually justified by the laws that are used to defend them. First up, Section 215 of the Patriot Act, the so called "tangible things" clause, which was, at one time, known as the "library records" clause as it was used to collect library records to see what books people were checking out, but which is now being used to justify the collection of "metadata" on pretty much every phone call made and (as we just learned) many emails as well.

Even in the fearful time when the Patriot Act was enacted, in October 2001, lawmakers never contemplated that Section 215 would be used for phone metadata, or for mass surveillance of any sort. Representative F. James Sensenbrenner Jr., a Wisconsin Republican and one of the architects of the Patriot Act, and a man not known as a civil libertarian, has said that "Congress intended to allow the intelligence communities to access targeted information for specific investigations." The N.S.A.'s demand for information about every American's phone calls isn't "targeted" at all — it's a dragnet. "How can every call that every American makes or receives be relevant to a specific investigation?" Mr. Sensenbrenner has asked. The answer is simple: It's not.

The government claims that under Section 215 it may seize all of our phone call information now because it might conceivably be relevant to an investigation at some later date, even if there is no particular reason to believe that any but a tiny fraction of the data collected might possibly be suspicious. That is a shockingly flimsy argument — any data might be "relevant" to an investigation eventually, if by "eventually" you mean "sometime before the end of time." If all data is "relevant," it makes a mockery of the already shaky concept of relevance.

From there, we move onto PRISM, which is justified under Section 1881a of the FISA Amendments Act (FAA). This was the part of the law that "allowed" warrantless wiretapping, a program that had been going on for years, but had to be "approved" after the press found out about it. Even though this program granted broad powers for the collection of information (perhaps unconstitutionally so), Granick and Sprigman point out that even PRISM appears to exceed the boundaries of the already too broad law:

Like the Patriot Act, the FISA Amendments Act gives the government very broad surveillance authority. And yet the Prism program appears to outstrip that authority. In particular, the government "may not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States."

The government knows that it regularly obtains Americans' protected communications. The Washington Post reported that Prism is designed to produce at least 51 percent confidence in a target's "foreignness" — as John Oliver of "The Daily Show" put it, "a coin flip plus 1 percent." By turning a blind eye to the fact that 49-plus percent of the communications might be purely among Americans, the N.S.A. has intentionally acquired information it is not allowed to have, even under the terrifyingly broad auspices of the FISA Amendments Act.

The Granick and Sprigman piece also points out that to tap dance around the fact that both of these programs clearly violate the laws that defenders claim allowed them, those defenders basically try to redefine the English language -- such that "acquire" now only means "looks at" rather than "acquire", and "target" means target of the investigation rather than the person whose data is collected, and "incidental" means, well, let's not even try to figure out what it means, because it doesn't appear the NSA knows. Donohue, Granick and Sprigman point out that the Supreme Court was pretty clear in US v. Jones concerning widespread, long term monitoring, which suggests these programs are, on top of being illegal, unconstitutional under the 4th Amendment.

Eventually, these programs are going to get tested in court. The government is going to do everything it can to avoid the lawsuits, claiming a lack of standing, national security and whatever else it can think up. But, sooner or later they're going to have to face the music and realize that stomping all over the Constitution and the law isn't what the American public signed up for.

from the how-it's-done dept

Another trademark dispute, another horrible and negative story where the mark owner acts like a jackass, right? I mean, the trend is clear, from 60's rock legends suing over penis-apps, to game producers suing over terms nearly a century old, you get the idea that everyone with a trademark is Oscar the Grouch. They just can't help but call in their big shot lawyers, who immediately send out the cease and desist notices, even though they'd rather mail out one of those Harry Potter howler letters or possibly a small nuclear weapon. It's inevitable.

Or, then again, perhaps it isn't. Nick writes in with the tale of an absolutely brilliant response to a trademark dispute from the mark holder, who not only left the lawyers at home and replaced them with a polite letter, but was so over the top kind about the whole thing as to suggest other words for the violator's product, turning him into a potential customer.

Early in December here at Wordnik we got a nice email from one of our loyal users, letting us know that there was a word game in the app store using the name “Wordnik.” It didn’t have our heart logo (or even our “gearheart” ) so our correspondent wasn’t sure it was ours … and it wasn’t. So we took a look at the game, and it was called Wordnik. And there was contact info for the developer.

This is typically where we'd see a hateful C&D notice sent, filled with accusations of theft, reports of untold gazillions in very real harm done by the violation, and the promise that if the violation doesn't cease the lawyers will swing by soon to eat the faces off of their children.

For some strange reason, however, the Wordnik folks decided that there just might be a better way to go than all out war. While acknowledging that their initial reaction was to be somewhat upset over the use of their mark, they instead chose to send the following email (edited only for formatting):

One of the users of our website, Wordnik.com, pointed out to us that your iOS app is also using the name “Wordnik”. You may not be aware that we have applied for a US trademark for the name “Wordnik” and our application has been approved for registration. Since the Wordnik API powers many word games on the web and on mobile devices, our trademark filing for the name “Wordnik” also includes its use in combination with computer games.

I’d rather not drag our lawyers into this (expensive for both of us) — but given our trademark status, you probably want to consider renaming your app (and maybe even using our API, check it out at developer.wordnik.com). How about:

Wordify
Wordista
Wordian
Wordeur

This list of English suffixes may help, too: http://en.wiktionary.org/wiki/Category:English_suffixes

I hope to hear back from you by Dec 31, 2012.

The response was everything they had hoped for. Not only did the other developer respond promptly, promising to change the name of his app and acknowledging that he hadn't realized his error, but the two sides continued to communicate about several topics, including background on the suggestions the Wordnik folks had made and Wordnik's own API and how it could be used to enhance the previously offending app. Not only was this a kind way to handle a trademark request, but it turned out to be an advertisement for the Wordnik product itself. Then, because apparently Wordnik is trying to win some kind of peace award here, they sent the guy a Wordnik T-shirt. The offending app has since changed its name to Wordogram and all is well.

Wordnik notes that this approach may not work universally, but why shouldn't it be the first attempt in most instances? They say it best themselves:

From our point of view, this was the best possible outcome. We defended our trademark; we met a cool, kindred-spirit developer and had a fun conversation; and we found a new word game to play (and possibly gained another API client). And it’s likely none of this would have happened if we’d sent a pissy email, guns blazing.

from the holy-sanity,-batman dept

In a move that should remind you of Spain's ruling that personal file-sharing was legal, before America's entertainment industry helpfully wrote the Spanish people a new law (wait...what!!?!?), file-sharing for personal use has been declared legal in Portugal. How could something so monumental happen, you wonder? Well, funny story: the entertainment industry made it happen.

The tale goes something like this. An anti-piracy group sponsored by the entertainment industry called ACAPOR got all uppity about Portuguese filesharing a year ago and decided to helpfully deliver boxes (yes, physical boxes) of IP addresses suspected of filesharing infringing files to Portugal's Attorney General's office. They did this while wearing shirts that proclaimed "Piracy is illegal" in case anyone thought they were there for a cause that is actually useful and/or interesting.

“We are doing anything we can to alert the government to the very serious situation in the entertainment industry,” ACAPOR commented at the time, adding that “1000 complaints a month should be enough to embarrass the judiciary system.”

Secure in their knowledge that justice would be done, ACAPOR's minions then went home and did whatever it is these kinds of people do when they aren't making fantastic amounts of noise and generally making fools of themselves.

Well, as is their duty, the folks at the Attorney General's office did look through the boxes of evidence ACAPOR had provided...and promptly threw them out.

The Department of Investigation and Penal Action (DIAP) looked into the complaints and the prosecutor came back with his order this week. Contrary to what the anti-piracy group had hoped for, the 2,000 IP-addresses will not be taken to court. Worse for ACAPOR, the prosecutor goes even further by ruling that file-sharing for personal use is not against the law.

“From a legal point of view, while taking into account that users are both uploaders and downloaders in these file-sharing networks, we see this conduct as lawful, even when it’s considered that the users continue to share once the download is finished.”

Oops. Turns out those "Piracy is illegal" shirts are as ill-informed about the law in Portugal as the people wearing them. Especially since, for good measure, the AG informed ACAPOR that IP addresses are not people, so their evidence wasn't so much "evidence" as it was "a horrific waste of time and trees".

Now, not one to let facts get in the way of saying something stupid, ACAPOR boss Nuno Pereira pushed back on the AG's office.

“Personally I think the prosecutors just found a way to adapt the law to their interest – and their interest is not having to send 2,000 letters, hear 2,000 people and investigate 2,000 computers,” Pereira says.

Sure, that makes sense. Everyone knows if you're looking to avoid having to send letters and do paperwork, becoming a lawyer is the way to go. But did you really expect an anti-piracy group to take a sane thumping gracefully?

Of course, as we've seen elsewhere, whenever a country reacts sensibly concerning things like file sharing, the entertainment industry lobbying engine revs right back up... and suddenly the countries are described by US politicians in the worst possible terms. Any bets on whether or not Portugal just wrote itself onto the USTR's Special 301 list and the Congressional Anti-Piracy Caucus' "watch list"?

from the bad-moves dept

Via Reddit we learn of yet another bad move by a shortsighted company. This time it's Sony Ericsson, who sent a legal nastygram to the Xperia blog at xperiablog.net -- a blog that talks up and promotes a bunch of things happening with the Xperia device that Sony Ericsson is pushing. Since it sounds like the blog itself, and the post explaining this, is likely to go away pretty soon, we're reposting it here:

It is with great sadness that we have to bring you the news that this will be the last post on this website. Sony Ericsson has filed a formal complaint about the use of the trademarked 'Xperia' name in our domain name and have requested that the domain names, including that of XperiaX10.net, be transferred to them.

Sony Ericsson is alleging that we have used the domain names in "bad faith". We are stunned and disappointed that Sony Ericsson, a company that we have spent much of our free personal time in promoting, especially the Xperia brand, has decided to take this formal action against us. After all we are just like you, passionate Sony Ericsson users, who have strived to bring the community breaking news and an independent viewpoint.

We do not have the resources to fight Sony Ericsson on this and therefore this is the last you will hear from us. Sony Ericsson has made great strides in its Xperia portfolio, especially in listening to the community. This makes it all the more confusing as to why Sony Ericsson would want to shut us down. We genuinely believe that 2012 could be a bumper year for the company, we just wish we could have been there along for the ride.

It's too bad they decided to cave. I would imagine they might be able to find some pro bono legal help on this, because the claim that the domain was registered in bad faith seems pretty freaking ridiculous. Plenty of "fan sites" have been allowed to continue, as long as there's no likelihood of confusion. It really is too bad that Sony Ericsson not only chose to go this route, but also went all the way to a formal dispute resolution (they don't say what, but I'm guessing a UDRP claim). It's amazing how many companies do really dumb things, just because some lawyers know they can.

from the the-illegality-of-linking dept

TorrentFreak has the details on yet another ridiculous story of "anti-piracy" groups going way too far. In this case, it's the Greek Society for the Protection of Intellectual Property (AEPI), who has sued the site LiveMovies.gr for infringement, claiming the site is making available unauthorized content, and saying that it has "suffered damages worth 10,000 euros for each illegal act." The only problem? LiveMovies.gr does not link to unauthorized content. It only links to content that is being officially streamed by the authorized rights holders. In other words, they've set up a "TV guide" of sorts to legitimate online streaming of content. They've explained this to the AEPI who apparently can't comprehend that the site is only linking to authorized content, and continues to press forward with the lawsuit. In response, LiveMovies.gr is filing a countersuit against AEPI, claiming both fraud and perjury. Should be interesting to see what happens next...

from the that-didn't-last-long dept

A bunch of free culture sites got pretty excited recently when a Spanish court ruled that file sharing sites, as well as links sites, weren't illegal. Of course, we noted this was hardly a new thing. Spanish courts had already made similar rulings in the past. In fact, the timing of this ruling seemed particularly bad, since we'd noted a few months ago that there were proposals being pushed to change copyright law in Spain. So it should come as little surprise that just days after that last ruling, the gov't has started moving forward with getting the new law approved, and many expect it will be in place within a few months.

The new law sounds particularly bad as well. It would set up a governmental bureaucracy that could simply denounce any site as illegal, if it feels that it offers links to infringing content. Once "denounced," the Spanish high court would get a grand total of four days to determine if the site should be shut down -- and the only reason why it would be allowed to not shut the site down would be if there were clear concerns about freedom of expression. Basically, if the gov't feels a site has too many "unauthorized" links, it gets shut down with minimal review. So much for a more balanced approach to copyright law.

from the proper-liability-placement dept

Spain continues to be one of the few countries out there that seems to not have its judges lose their critical thinking abilities the second anyone mentions the word "piracy." We've pointed out a few times in the past that Spanish courts have ruled that file sharing is legal and it looks like they've done so again. Infophage was the first of a few to send in an article about the latest ruling, which again found that just linking to infringing material is not copyright infringement. The judge apparently went further, though, also noting that using P2P file sharing systems does not appear to violate copyright law in Spain, as long as the user isn't doing so for monetary profit.

Of course, this isn't over by a long shot. Late last year, entertainment industry lobbyists got Spanish politicians to propose new copyright laws that would (of course) ratchet up copyright to make it more like it is in other countries (i.e., more draconian). And, as we recently noted, a bunch of Spanish record labels have sued the gov't for not doing enough to stop file sharing. But, hopefully, this country that has explicitly rejected three strikes laws will stick to its guns and recognize that perhaps the court rulings make sense -- and that the first response to an industry unwilling to adapt to a technologically-changed market isn't to change the laws, but to ask those companies to start adapting.

from the might-be-a-bit-extreme dept

A few years back, we asked if it should be illegal to get hacked. In that case, we were referring to some fines that the FTC had handed out to companies that had leaked data to hackers. This raised some troubling questions -- as it's often difficult-to-impossible to stop your computer systems from getting hacked, and putting liability on the company could lead to some serious unintended consequences. Yet, at the same time, over the past few years, we've heard about large security breaches on a regular basis (thanks, in large part, to new disclosure laws) -- and often those breaches definitely seem to be due to negligence on the part of a corporate IT team that failed to lock down the data in any significant manner. That seems to be leading more people down the path of saying that companies should be liable for getting hacked.

For example, Slashdot points us to a blog post at InfoWorld, where it's suggested that companies should be criminally liable for leaking such data. I can certainly understand the sentiment, but it may go too far. Again, it's impossible to totally protect a system from getting hacked. Sooner or later there's always going to be some sort of leak. Increasing penalties could make companies take things more seriously -- especially in cases of gross negligence (which do seem all too common). But making the rules too strict can have serious negative unintended consequences as well, even to the point that some companies may stop accepting credit cards altogether, since the liability would just be too great. Would people be willing to give up the convenience of credit cards to protect their safety? From what we've seen, for most users the answer would be no. They know their credit cards are at risk, but they still use them because the benefit of the convenience still seems to outweigh the danger of the risk.